Justice Department Revives Push To Mandate a Way To Unlock Phones (nytimes.com)
"FBI and Justice Department officials have been quietly meeting with security researchers who have been working on approaches to provide such 'extraordinary access' to encrypted devices," reports The New York Times (alternative source), citing people familiar with the matter. Justice Department officials believe that these "mechanisms allowing access to the data" exist without weakening the devices' security against hacking. Slashdot reader schwit1 shares the report: Against that backdrop, law enforcement officials have revived talks inside the executive branch over whether to ask Congress to enact legislation mandating the access mechanisms. The Trump White House circulated a memo last month among security and economic agencies outlining ways to think about solving the problem, officials said. The FBI has been agitating for versions of such a mandate since 2010, complaining that the spreading use of encryption is eroding investigators' ability to carry out wiretap orders and search warrants -- a problem it calls "going dark." The issue repeatedly flared without resolution under the Obama administration, peaking in 2016, when the government tried to force Apple to help it break into the iPhone of one of the attackers in the terrorist assault in San Bernardino, Calif. The debate receded when the Trump administration took office, but in recent months top officials like Rod J. Rosenstein, the deputy attorney general, and Christopher A. Wray, the FBI director, have begun talking publicly about the "going dark" problem. The National Security Council and the Justice Department declined to comment about the internal deliberations. The people familiar with the talks spoke on the condition of anonymity, cautioning that they were at a preliminary stage and that no request for legislation was imminent. But the renewed push is certain to be met with resistance.
This is basically impossible without banning general-purpose computing devices entirely. Even if phones have a backdoor, what's to stop someone from loading a Linux variant designed outside the US onto a laptop and using it for secure communications?
Entirely banning "unhackable" communication would require a walled garden that looks more like Alcatraz for every single compute device sold in the world.
I'd expect the issue to surface as many times as necessary until the Justice (lol) Department gets what they want.
Bearing in mind that Trump wanted the IP addresses of 1.3 million people who visited a protest website against his inauguration, I'd add the 1st amendment in there quite heavily too.
They do not give a crap about EU rules. Yes they are probably bugged by China, but China does not give a crap about me either.
Let the Chinese and EU/US spies beat the crap out of each other. If I can support them ruining each other, then as long as it happens without affecting me much, I'm all for it. They're all bastards, no matter the country.
And yes: If I had to move to China, I would probably buy a US/EU phone :)
These companies don't just do business in America. If the U.S. Government gets it, then other governments will likely follow suit. Blanket refusal is the only answer to protect global civil rights.
This should be easy- just find a way to invalidate the basic laws of physics and mathematics, and voilà, you got it!
Just cruising through this digital world at 33 1/3 rpm...
Current crypto isn't good enough. No amount of talking to consumer tech / engineers / "security researchers" will make it work.
Like moving from symmetric key to asymmetric key, a whole new way of doing crypto mathematics will be needed to solve this. So get some mathematicians on super-magic-only-good-guys-can-spy algorithms.
So the US is becoming China-lite now? How soon before we get our own Great Firewall, too?
Oh, I'm sure that isn't far off. The stable genius just has to figure out which country he is going to get to pay for it.
But we're really not that far behind as it is. The data collection that's done on citizens, residents and foreigners in the US is probably not much smaller than what's done in China. Companies like Google and Facebook make it much easier to correlate all the data.
You misunderstand. It's not necessarily about being hackable or backdoored. There is no need to remove the current level of encryption and digital signatures and other technical security features, nor is it necessary to prevent further advances in these areas. All that government would need to do is require Apple/Google/Microsoft/etc to archive your passcode, and give up your passcode when presented with a warrant. Yes, that is not desirable. However it is not "banning unhackable communication".
So the US is becoming China-lite now?
Why compare them with China? Why not the UK? After all, UK courts have ruled that prisoners can be forced to hand over encryption keys, and can be held in custody indefinitely until they comply.
Where was your snarky comment when that was going on, BTW?
You're right. If I can install software on my phone, I don't have to install software that gives away my encryption keys.
They seem to be collecting it all, anyway.
Thousands of years of empirical historical evidence conclusively demonstrate that government always tends to seize as much power for itself as possible. There is no such thing as a government that respects the citizenry over the long course of time.
As long as you justify the state, you will fail. The state must be abolished, and a truly market-based order of voluntary and capitalist-driven rules implemented in order to create a civilization that serves the consumer rather than the oligarchs.
"Today, Nancy Pelosi and Chuck Schumer have co-sponsored and introduced the Anal Probe Equality Act (APE Act). Pelosi was quoted as saying about the importance of the bill's passage; "With the passage of this APE Act, no more will some American be discriminated against by Right-Wing UFOs anal-probing only a privileged few!"
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
"Companies like Google and Facebook make it much easier to correlate all the data."
The irony being that almost all that data is actually quite useless. Sooner or later -- maybe next week, maybe a decade from now, folks will figure that out and there will be a massive market reevaluation.
Talk about emperor's new clothes...
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
You have it backwards. Amateur radio is what still works when the cell towers go down. So well that ham operators are asked to go to disaster zones and reestablish comms.
Try harder
A simple fact that somehow seems to be very, very hard for some to understand. Or maybe they just don't want to understand it?
Key escrow and LEAF. A bad idea then, a bad idea now. https://academiccommons.columbia.edu/catalog/ac%3A127127
The idea is to store an electronic key on the device that would be separately encrypted. This looks like a very bad idea as if the system writes that access key into the memory, this part is accessible physically. Whoever thought about this assumes that there is a decryption known only to the manufacturer or FBI which allows them to unlock the device. What do you do if for some reason a third party finds out how to unlock or access it remotely? Suddenly, all phones, including the ones of the morons who came up with the idea, will be wide open to everybody. This is unrelated to the technology used. They try to solve a problem, risking a meltdown of a large part of information infrastructure. Also, how long would it take after the implementation that nobody would buy phones from US manufacturers any more?
Why compare them with China? Why not the UK? After all, UK courts have ruled that prisoners can be forced to hand over encryption keys, and can be held in custody indefinitely until they comply.
That is not the same thing at all.
Additionally, your scenario can already happen in the US, if there is enough evidence for the police to get a warrant.
#DeleteChrome
There is no stopping it. Either side.
LE is going to keep pushing for it until they get it, Team FuckYou is going to keep writing workarounds to thwart it and the folks you want to catch with your new backdoor are simply going to cease using the compromised products altogether and find something else.
Kind of makes me wonder the real reasons for banning Huawei phones from the US markets. National Security or the fact they won't play ball with the DOJ. . .
“They included Ray Ozzie, a former chief software architect at Microsoft; Stefan Savage, a computer science professor at the University of California, San Diego; and Ernie Brickell, a former chief security officer at Intel.”
I can’t speak to Professor Savage’s expertise; but just having these particular guys from Intel and Microsoft involved should scare the crap out of you.
#DeleteChrome
It's my understanding (correct me if I'm wrong) that use of encryption is specifically banned on ham radio bands.
Your "solution" to the problem of obtaining strong encryption is to use a medium that already bans use of encryption entirely?
If you're a zombie and you know it, bite your friend!
If our government can enter a backdoor for plain old crimes, Russia and China can for reasons why we have a 4th Amendment -- spying on and hassling all who challenge their power.
These are not things that disappeared 240 years ago. They are chronic problems that will exist forever, and if technology can perma-block bad governments, we should adopt it, not lament it.
Each notch in the belt of an FBI agent or local police officer represents over 2.5 billion worldwide who live, and don't have to imagine "If you want a picture of the future, imagine a boot stamping on a human face — forever."
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
They will need to be better than every other person online in the world. There's some really great talent out there, and you will always find someone better than you... and that's the problem right there.
Should we have freedom of privacy? My contacts, whether friends, family or business associates shall not be subject to government scrutiny.
... and running into Eighth Amendment issues...
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
Wrong. It's the Trump Administration now requesting a back door into all our devices. Why are you trying to divert blame elsewhere?
BOTH Parties have been pushing this.
The one area where there is bipartisan agreement is that people have too much money, liberty, and privacy.
I simply expect the Democrats to jump in with both feet to beat the Republicans to the punch.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Not quite. The first sentence:
Information-theoretic security is a cryptosystem whose security derives purely from information theory. In other words, it cannot be broken even if the adversary had unlimited computing power. The adversary simply does not have enough information to break the encryption and so the cryptosystems are considered cryptanalytically-unbreakable.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
Our personal information is widely available to multiple groups. The government has easy access to an almost endless amount of information about us. There is:
The 3rd party doctrine roughly states that we can only assert a privacy right over information we directly control. If the information is shared with a 3rd party, then we don't control it, and we can't assert a privacy right over it. As the 3rd party doctrine has expanded, we have lost privacy over any shared information.
Now, law enforcement wishes to move beyond the limits of the 3rd party doctrine. They advance the legal theory that we should not be allowed to control our own information/privacy AT ALL. They believe that the desires of law enforcement should always outvote an individual's desire for freedom, privacy or liberty. That we should never be allowed to be secret, private or alone.
The proposals for "Responsible Encryption" are a simple end-run around the 1st, 4th and 5th amendments to the US constitution. Instead of debating this crap, we should be demanding stronger privacy protections. We need to restrict the 3rd party doctrine. We need to penalize any lawyer or judge who participates in granting "General" warrants. We need to restrain the Intelligence community from conducting mass surveillance on the US public.
We should also put listening devices in everybody's homes, just in case they are talking about a crime where the FBI cannot listen. (and no, I'm not talking Alexa, but who knows...)
In case they are somewhere that electricity isn't, such as camping, we should have a government agent accompany everyone so that we can hear what they are talking about.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
"Lite" now, and when China has had "great success in restoring morality" with their fascistic (yes, it actually matches here, look up the definition of fascism) "social score" system, then the US administration will implement that too. As the US population is deeply in coma and notices nothing, this is pretty much assured to happen.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
You misunderstand the purpose of the law and the constitution: It is only to be used against citizens, it does of course not constrain the holy^H^H^H^H legal authorities, because they cannot do any wrong by definition.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
They seem to be a non-issue, just look to the recent past for examples. They just have to make sure not to waterboard you on US soil and maybe remove your citizenship before.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Trump: My surveillance state is going to be YUUUUUUUGE!
Democrats: No way. You're just taking credit for the surveillance state that Obama built.
Hey, when disaster strikes you may again operate your radio to coordinate the effort to establish allowed communication.
Then it's time for you to shut up again.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Sadly it's not a war on freedom. If it was, and was about as successful as the other "wars on..." (terrorism, drugs, etc), I wouldn't worry so much.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The problem is that you won't get your easy way to track terrorists. Terrorists aren't dumb. This is like upping the police presence at some drug hub. What happens? Does the drug trade stop? No. The dealers just move somewhere else and a week later we're back at square one. Just with more police standing around uselessly and wasting taxpayer money.
This is exactly the same. If there was at least some effect, I'd even be game to try it. But all this accomplishes is a huge waste of taxpayer money and at least as much damage to corporations having to implement useless protocols, while terrorists just move on to the next thing.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Justice Department officials believe that these "mechanisms allowing access to the data" exist without weakening the devices' security against hacking.
Utter fucking bullshit. Because "Allowing access" is the bloody fucking definition of "weakening security". oh oh, but they claim "Against hacking". What they're trotting out is a system called "Symphony". It stores a copy of the keys. You want to send a secure message, you have to let symphony be able to read it. And everyone promises that these keys will only ever be read by police with a warrant. The vital question is "What if the symphony database gets hacked?" A whole hell of a lot of trading with insider knowledge could take place without anyone knowing and those with the knowledge could get super-bloody rich. Hell, it might be happening right now. How would we even know?
But these shmucks are at least thinking one step ahead of that:
The idea is that when devices encrypt themselves, they would generate a special access key that could unlock their data without the owner’s passcode. This electronic key would be stored on the device itself, inside part of its hard drive that would be separately encrypted — so that only the manufacturer, in response to a court order, could open it.
Then the question simply becomes: "What if someone at the manufacturer loses, sells, or mishandles these MASTER-KEYS to the BACKDOOR?" This isn't even bank-run organizations or super-secret three-letter-agencies being trusted to secure these things. This is Apple and Facebook and Sony and Huawei. Do you trust them to handle the secrets of your senators?
FURTHERMORE, this is completely useless as anyone with 2 braincells that doesn't want the justice department to have a backdoor, will simply NOT USE these services. The only way this will help catch the people we want caught is if they OUTLAW any alternative. Somehow on a world-wide level. Ha, good luck with that.
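As an added example (not part of the original thread or of the reported proposal), here is a minimal Python model of the escrow design quoted above: each device's data key is stored wrapped under the owner's passcode and again under a manufacturer-held key. The HMAC-based `wrap` is a toy stand-in for a real key-wrap or public-key scheme, and all function names, passcodes and keys are constructed for illustration.

```python
import hashlib, hmac, os
from typing import Optional

def wrap(key: bytes, dek: bytes) -> bytes:
    """Toy authenticated wrap of a 32-byte key (stand-in for AES-KW / RSA-OAEP)."""
    nonce = os.urandom(16)
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(dek, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(key: bytes, blob: bytes) -> Optional[bytes]:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None  # wrong key or modified blob
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

def passcode_key(passcode: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)

def provision(passcode: str, escrow_key: bytes) -> dict:
    """Device setup: one random data key, stored wrapped two ways."""
    dek, salt = os.urandom(32), os.urandom(16)
    return {
        "salt": salt,
        "owner_slot": wrap(passcode_key(passcode, salt), dek),
        "escrow_slot": wrap(escrow_key, dek),  # the "special access key" slot
    }

def owner_unlock(device: dict, passcode: str) -> Optional[bytes]:
    return unwrap(passcode_key(passcode, device["salt"]), device["owner_slot"])

def escrow_unlock(device: dict, escrow_key: bytes) -> Optional[bytes]:
    # No passcode involved: the escrow slot bypasses the owner's secret.
    return unwrap(escrow_key, device["escrow_slot"])

def class_break(devices: list, leaked_key: bytes) -> int:
    """Count devices whose data key a single leaked escrow key recovers."""
    return sum(escrow_unlock(d, leaked_key) is not None for d in devices)

if __name__ == "__main__":
    manufacturer_key = os.urandom(32)  # constructed; stands in for the vendor secret
    fleet = [provision(f"pin-{i}", manufacturer_key) for i in range(5)]
    print("owner unlock ok:", owner_unlock(fleet[0], "pin-0") is not None)
    print("wrong passcode:", owner_unlock(fleet[0], "0000"))
    print("devices opened by one escrow key:", class_break(fleet, manufacturer_key))
```

The passcode protects only the owner slot; the strength of every device in the fleet reduces to how well the single escrow key is guarded.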